RSA has unveiled new products to help address many of the challenges related to compliance with data protection regulations like the European Union’s General Data Protection Regulation (GDPR).

New RSA Archer offerings around Data Governance and Privacy Program Management can be paired with RSA NetWitness to help speed breach response, and RSA SecurID to deliver identity and data access assurance to further continuous compliance capabilities.

GDPR is forcing companies around the world to revisit and revise how they manage and protect data in today’s interconnected cyber landscape. A recent PwC survey found over half of U.S. multinationals say GDPR is their top data-protection priority.

Data privacy is a business risk

“We used to live in a world where executives ran the business, IT ran the infrastructure, security set the perimeter, and compliance made the rules, but regulations like GDPR are breaking down those old walls,” said Rohit Ghai, President, RSA. “GDPR translates cyber risk to a bottom-line business issue, which completely changes how businesses view their customers’ data.”

RSA offers a combination of products and services across these domains, including two new use cases in the market-leading RSA Archer Suite:

The RSA Archer Data Governance use case is designed to assist organizations in better documenting data governance requirements to improve support for data-centric regulations, such as HIPAA, GLBA and GDPR.

The RSA Archer Privacy Program Management use case is designed to enable organizations to holistically manage privacy programs and align processes with regulations, including privacy assessments and regulatory case tracking.

Ultimately, GDPR is not just a Governance, Risk and Compliance (GRC) issue. GDPR spans the full enterprise and forces companies to adopt a healthier privacy and security risk posture in four critical areas: Risk Assessment, Breach Readiness, Data Governance, and Compliance Management.

Understanding your cyber and business risk

GDPR Article 32 outlines elements of a security risk assessment process to ensure the appropriate design and implementation of controls. An effective risk assessment process helps accelerate the identification of the linkage between risks and internal controls, potentially reduce the GDPR compliance gaps and improve risk mitigation strategies, while also giving companies a game plan for improving their cyber posture.

The RSA Archer Suite is designed to empower organizations to manage multiple dimensions of risk with solutions built on industry standards and best practices on one configurable, integrated software platform.

Other use cases that can help support critical GDPR related processes include:

RSA Archer IT Risk Management helps accelerate the identification of IT risks related to GDPR compliance and improves an organization’s risk mitigation strategies.

RSA Archer IT & Security Policy Program Management provides the framework to help organizations establish a scalable and flexible environment to document and manage an organization’s policies and procedures to help comply with the GDPR.

RSA Archer IT Controls Assurance provides a framework and taxonomy to assist organizations by systematically documenting the GDPR control universe, enabling organizations to assess and report on the performance of controls at business hierarchy and business process levels.

RSA Archer Third Party Catalog assists in documenting third party relationships, engagements and associated contracts to help identify and track external parties related to GDPR.

Breach response

Article 33 of the GDPR regulation outlines specific requirements for notification of a personal data breach to the supervisory authority, which makes having a full understanding of the details of a data breach paramount.

The goal of any security team is to prevent these kinds of breaches, but breaches can still occur. As a result, many data protection requirements focus on breach response and reporting.

Additionally, GDPR requires notification to regulators, generally within 72 hours of becoming aware of an actual breach. Released earlier this summer, the newest edition of RSA NetWitness Suite is designed to scan your entire infrastructure for indications of an attack, and uses behavioral analysis and machine learning to help better understand the scope and nature of a breach with improved visibility into the attack sequence, enabling faster notification.

Identity management

Another critical element of GDPR compliance is controlling who has access to personal data. Organizations must protect personal data in a number of different ways, and must be able to demonstrate accountability in keeping accurate records of processing activities, including the categories of personal data processed, the purposes of processing, transfers to third countries outside of the European Economic Area, and the relevant technical and organizational security measures.

The RSA SecurID Suite, including RSA SecurID Access and RSA Identity Governance and Lifecycle, is designed to enable organizations of all sizes and maturity levels to minimize identity risk and deliver convenient and secure access to their modern workforce. By leveraging risk analytics and context-based awareness, RSA SecurID Suite helps ensure the right individuals have the right access, from anywhere and any device. These products can play a critical role in addressing the fundamental need for identity and access assurance.

Compliance

Compliance program management establishes a scalable and flexible environment to document and manage an organization’s relevant privacy policy and/or GDPR related procedures, standards and controls. However, being GDPR compliant, just like having a “secure” enterprise, can change from moment to moment and is a moving target for businesses.

The RSA Risk and Cyber Security Practice offers a range of strategic services designed to help customers develop a business-driven security posture, build an advanced security operations center and revitalize their GRC program. RSA also provides implementation and post-implementation support so customers can maximize their existing investment in RSA products.

The RSA Risk Management Practice delivers strategic consulting services to help optimize an organization’s GRC program. It also offers staff augmentation and support services to help plan, implement, deploy and upgrade RSA products and services, including the RSA Archer Suite.